NetProwler 3.5.1 Security Update 4

April 5, 2001

NetProwler 3.5.1 Security Update 4

Description

NetProwler 3.5.1 SU4 introduces signatures that detect escaped characters within a URL, directory traversals within a URL, multiple web server CGI vulnerabilities, HTML formatted e-mails that use frames, and buffer overflow style attacks for FTP services. It also strengthens the already existing NetProwler Stacheldraht signatures. You may obtain NetProwler 3.5.1 SU4 through the product's auto update feature.

Security Update 4 Signatures

AltaVista_Traversal

Detects attempts to use a directory traversal to read files and directories outside of the web server's scope.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0039

Beaninfo_CGI

Detects attempts to execute the beaninfo CGI cold fusion module that may allow arbitrary reading of remote files and DoS the host with file processing tasks.

http://www.securityfocus.com/bid/2094

CFCache_CGI

Detects attempts to read sensitive system information made publicly accessible by the CFCache function in ColdFusion version 4x.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0057

Compaq_Agent_Traversal

Detects attempts to use a directory traversal to read files and directories outside of the web server's scope.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0771

Detail_CGI

Detects attempts to execute the detail CGI cold fusion module that may allow arbitrary reading of remote files and DoS the host with file processing tasks.

http://www.securityfocus.com/bid/2094

DisplayOpenedFile_CGI

Detects attempts to save arbitrary files uploaded to the Cold Fusion Application Server by the openfile CGI cold fusion module.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0455

E_Mail_Embedded_Frames

Detects HTML frames within e-mail messages.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0105

Excite_CGI

Detects attempts to execute remote shell commands through Excite for Web Servers' perl interpreter that could compromise privileged access.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0279

FTP_Input_Validation

Detects attempts to exploit FTP servers through an input validation bug.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0573

GetTempDirectory_CGI

Detects attempts to execute the gettempdirectory CGI cold fusion module that may allow arbitrary reading of remote files and DoS the host with file processing tasks.

http://www.securityfocus.com/bid/2094

HTSearch_CGI

Detects attempts to execute the htsearch CGI script that allows arbitrary reading of remote files.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0208

Imagemap_CGI

Detects attempts to buffer overflow the imagemap CGI and gain privileged access on the remote host.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0951

Infosrch_CGI

Detects attempts to execute the infosrch CGI script that allows remote commands to be executed with the web server's privileges.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0207

MLog_CGI

Detects attempts to execute the mlog CGI script that allows arbitrary reading of remote files.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0346

NewTear

NewTear uses malformed packet fragments to crash vulnerable operating systems. It is a variant of Teardrop modified to work against some operating systems even after the Teardrop patch has been applied.

OpenFile_CGI

Detects attempts to upload arbitrary files to the Cold Fusion Application Server.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0455

Perl_CGI

Detects attempts to execute remote commands on a web server through the perl interpreter.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0509

PFDispaly_CGI

Detects attempts to execute the pfdisplay CGI script that allows arbitrary reading of remote files.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0270

PHP_CGI

Detects attempts to execute the PHP CGI script that allows arbitrary reading of remote files.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0058

Stacheldraht

Stacheldraht is a distributed denial-of-service tool that allows attackers to use compromised systems as attack agents. This signature detects network activity resembling Stacheldraht control communication.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0138

Stacheldraht_Agent

Stacheldraht is a distributed denial-of-service tool that allows attackers to use compromised systems as attack agents. This signature detects specific network traffic generated by the Stacheldraht agent component.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0138

URL_Directory_Traversal

Detects directory traversal attempts in a URL.

http://www.securityfocus.com/bid/1806

URL_Hex_Characters

Detects escaped hex characters in a URL.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0304

ViewExample_CGI

Detects attempts to execute the viewexample CGI cold fusion module that may allow arbitrary reading of remote files and DoS the host with file processing tasks.

http://www.securityfocus.com/bid/2094

Webcom_CGI

Detects attempts to execute the Webcom CGI Guestbook programs wguest.exe and rguest.exe that allow remote files to be read arbitrarily using the "template" parameter.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0467

Last modified on: Tuesday, 02-Oct-01 20:28:35